ozeki

Top products

The 12 most recently published vulnerabilities affecting ozeki.

• CVE-2020-14030An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized...7.2Sep 29, 2020
• CVE-2020-14022Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .ba...8.8Sep 22, 2020
• CVE-2020-14025Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules...8.8Sep 22, 2020
• CVE-2020-14024Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field...6.1Sep 22, 2020
• CVE-2020-14023Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.4.9Sep 22, 2020
• CVE-2020-14026CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.8.8Sep 22, 2020
• CVE-2020-14027An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to en...5.3Sep 22, 2020
• CVE-2020-14028An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary f...7.2Sep 22, 2020
• CVE-2020-14031An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as...7.2Sep 22, 2020
• CVE-2020-14021An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read an...4.9Sep 18, 2020
• CVE-2020-14029An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can b...7.5Sep 18, 2020
• CVE-2006-6674Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows loca...2.1Dec 21, 2006